Avoiding syscall Overhead

Synopsis

At the moment the setproctitle call is implemented with a sysctl. This has the unfortunate side effect that this simple call locks the Giant-lock. As the call is a simple matter of setting a value, it could be better implemented with shared memory between the kernel and user-space.

Project

This project proposes a scheme to securely share process-specific data between the kernel and a user-space process. This is done by having each process allocate a special memory page, on which the kernel and the user-space process can share data. This will give the security needed, as the VM system will make sure that no outside process can fiddle with a process' data. As everything is going on in user-space, there is no concern that a rogue process could write inside the kernel memory. There is still a locking concern, which will be addressed either by locking the entire page or by micro-locking each data field on the page. To test the scheme, I will implement the setproctitle call with shared memory as opposed to the current syscall version.

Update: Howard Su has suggested a multi-page scheme, where a read/write page is used for things like get/setproctitle and a read-only page for things like getpid. And maybe a system-wide read-only page for things like getdomain, gethostname etc. More on this to follow.
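For the read/write page, the kernel ends up reading data that the process can change at any time, so the reader has to treat the page as untrusted input. The sketch below is an added example, not code from this project: it simulates the page in user space and uses a sequence counter as one possible form of per-field locking, with a bounded copy on the reader side. The struct layout, names and sizes are assumptions.

```c
/* Added example: user-space simulation of the shared read/write page.
 * Struct layout, names and sizes are assumptions, not the project's code. */
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

#define TITLE_MAX 64

struct shpage {                 /* hypothetical layout of the per-process page */
    atomic_uint seq;            /* odd while the writer is mid-update */
    char title[TITLE_MAX];      /* written by the process, read by the kernel */
};

/* Writer side (the process): bump seq to odd, update, bump back to even. */
void shpage_set_title(struct shpage *p, const char *s)
{
    atomic_fetch_add_explicit(&p->seq, 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);
    strncpy(p->title, s, TITLE_MAX - 1);
    p->title[TITLE_MAX - 1] = '\0';
    atomic_fetch_add_explicit(&p->seq, 1, memory_order_release);
}

/* Reader side (stands in for the kernel). The page is writable by the
 * process, so its contents are untrusted: copy a bounded snapshot, force
 * termination, and give up after a fixed number of tries so a process
 * that leaves seq odd cannot stall the reader.
 * Returns 0 on a consistent snapshot, -1 otherwise. */
int shpage_get_title(struct shpage *p, char *out, size_t outlen)
{
    if (outlen == 0) return -1;
    for (int tries = 0; tries < 8; tries++) {
        unsigned before = atomic_load_explicit(&p->seq, memory_order_acquire);
        if (before & 1u)
            continue;                       /* update in progress */
        size_t n = outlen - 1 < TITLE_MAX ? outlen - 1 : TITLE_MAX;
        memcpy(out, p->title, n);
        out[n] = '\0';                      /* never rely on the page's NUL */
        atomic_thread_fence(memory_order_acquire);
        if (atomic_load_explicit(&p->seq, memory_order_relaxed) == before)
            return 0;
    }
    out[0] = '\0';
    return -1;
}
```

The reader never takes a lock the process could hold, and it never follows a length or terminator stored on the page.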

Milestone

This is a list of milestones, in the order in which I will take them.

1. Allocate a page in each process on creation.
2. Deallocate the page.
3. Write something to the page.
4. Read and write to the page from user space.
5. Figure out a suitable data structure.
6. Figure out a locking scheme.
7. Add the new scheme to setproctitle, running alongside the old.
8. Phase out the old scheme.

Completed milestones will be marked with ( ).

Schedule

Week 27-28

Have milestones 1-4 completed before the midterm evaluation.

Week 29

Think up the data structure and locking scheme (milestones 5 and 6).

Week 30-33

The last two milestones, and delivery.

All weeks included.

---

Patch/Source

This should add a working getpid() through the page scheme. A page is allocated on fork() and exec(), and its address is accessible through the kern.usrsysshm sysctl. There is a struct on the page which holds the pid. The pid is set from the kernel and is accessible directly from the user process' vmspace.